Identity Proofing and Logical Access Controls: A review of the process for collecting and verifying information about a prescribers and the process of establishing confidence in user identities electronically presented to the application.

Authentication Protocols: Backbone will review the technical control in place to ensure electronic prescription applications must require the practitioner to authenticate to the application using a two-factor authentication protocol.

Creating and Signing Electronic Prescriptions: A review of the process integrity to ensure practitioner's completion of the two-factor authentication protocol must cause the application to digitally sign and electronically archive the information.

Internal Audit Trails: A review of the audit events will be conducted to confirm attempted or successful unauthorized access to the electronic prescription application are logged. This includes creation, modifications or destruction of any information or record. In addition, we will confirm that a security incident event reporting process has been established.

Recordkeeping and Logs: Backbone will confirm that all records related to the electronic prescriptions are retained electronically and in accordance with the regulation retention period.

Transmission: Backbone will review the technical controls in place to ensure the electronic prescription application must not allow the transmission of an electronic prescription if an original prescription was printed prior to attempted transmission. The contents of the prescription must not be altered during transmission between the practitioner and pharmacy. Any change to the content during transmission, including truncation or removal of data, will render the electronic prescription invalid.

Pharmacy: Backbone will review that the pharmacy applications accurately and consistently import, store, and display the information required for prescriptions such as the indication of signing, the number of refills and verify the practitioner's digital signature as applicable.

Risk Assessment: Backbone can help organizations determine if the application changes affect the functionality related to controlled substance prescription and a re-certification is required. For application service providers, we will help address processing integrity and physical security and determine if the application meets the requirements.

Backbone's EPCS certification service helps organization with their third-party audit certification requirement for their EPCS applications. Backbone has a team of Certified Information System Auditors (CISA) that are qualified to conduct EPCS audits in accordance to the DEA EPCS requirements.